2022 Annual Data Breach

2022 Annual Data Breach Report from ITRC: Cybersecurity Trends

The Identity Theft Resource Center (ITRC) has released its 2022 Annual Data Breach Report, showing near-record breach counts and more victims!

According to the 2022 Annual Data Breach Report (available for download here), the number of data compromises in 2022 (1,802) was only 60 events short of the previous all-time high set in 2021 (1,862 compromises, for those who can’t do math). ITRC says that the first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets. However, the number of data compromises steadily increased in the second half of 2022.

War – what is it good for? Absolutely…reducing cyberattacks by Russians (apparently).


Anyway, here’s something that did increase from last year. The number of victims impacted (422.1 million) increased by almost 41.5 percent from 2021. For 11 of the 12 months in 2022, the estimated number of data compromise victims was trending downward for the sixth consecutive year. However, that trend reversed with news that personal information of 221 million Twitter users was available in illicit identity marketplaces.

As if we didn’t have enough to worry about Twitter these days.

Other findings in the 2022 Annual Data Breach Report include:

  • Data breach notices suddenly lacked details, resulting in increased risk for individuals and businesses, as well as uncertainty about the number of data breaches and victims. “Not specified” was the largest category of cyberattacks leading to a data breach in 2022, ahead of Phishing and Ransomware. Only 34 percent of data breach notices included victim and attack vector details.
  • Cyberattacks remain the primary source of data breaches; the number of data breaches resulting from supply chain attacks exceeded compromises linked to malware in 2022. Malware is often viewed as the core of most cyberattacks. However, in 2022, supply chain attacks surpassed the number of malware-based attacks by nearly 40 percent. According to the 2022 Annual Data Breach Report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyberattacks affected 4.3 million people.

The 38-page PDF 2022 Annual Data Breach Report includes a Letter from the CEO, Key Findings of 2022 Data Compromises, Case Studies, Breach Alert for Business, Consumer & Business Resources, an Appendix (which contains a quarter-by-quarter analysis of data breaches, a Glossary of Terms and an About section. As usual, the report is chock-full of graphics, which makes it a much easier read than the 38 pages would indicate. Check it out here!


So, what do you think? Are you encouraged or discouraged by these numbers? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply